Date:      Sat, 6 Jun 2015 01:53:48 +0200
From:      Mateusz Guzik <mjguzik@gmail.com>
To:        kikuchan <kikuchan@uranus.dti.ne.jp>
Cc:        freebsd-jail@freebsd.org
Subject:   Re: [patch] separate SysV IPC namespace for jail
Message-ID:  <20150605235348.GA9965@dft-labs.eu>
In-Reply-To: <CAG40kxFFnfvbLbqVprPC0oZ+nbKDYGxdvgd-vxWXFfN+3NQ0_A@mail.gmail.com>
References:  <CAG40kxFFnfvbLbqVprPC0oZ+nbKDYGxdvgd-vxWXFfN+3NQ0_A@mail.gmail.com>

On Sat, Jun 06, 2015 at 07:24:21AM +0900, kikuchan wrote:
> Hello,
> 
> I want to run multiple instances of PostgreSQL with jail.
> 
> Changing UID is not suitable for my case,
> so I created a simple patch for stable/10 to separate SysV IPC
> namespace for each jail.
> 
> In contrast to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=48471 ,
> this patch comes with:
>  - All objects are visible to ipcs(1), whether in jails or not.
>  - Trying to access the objects beyond the jail will be rejected with EACCES.
>  - Treat the (key_t, prison) pair as the key for a named object.
>  - Very simple implementation; I just added a check that
> msqkptr->cred->cr_prison == td->td_ucred->cr_prison, for example.
> 
> Is this approach suitable for FreeBSD kernel?
> 
> If you find it is useful, or bugs, please let me know.
> 
> P.S.
>  There is no way to know from userland which jails own the objects, so far.
> 

I don't like this approach.

I would expect completely separate namespaces.

Extending struct prison with relevant pointers and updating the code to
look at them is mostly mechanical work, but making it committable
requires fixing some deficiencies and answering some questions.

First off, with the support for multi-level jails, jailing is no longer a
privileged operation. There are documented harmless races related to
that, but it is unclear if they transform into something serious with
sysvipc involved. Single-threading the process for jailing should be
fine.

Address space can be shared between multiple jails; what happens if such
a pair ends up in different jails? Preferably such a scenario would be
prohibited to avoid future accidents.

What about existing sysvshm mappings when jailing?

-- 
Mateusz Guzik <mjguzik gmail.com>
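As an added illustration, not code from the thread or from kikuchan's patch: a user-space C model of the semantics the patch description states (objects named by the (key_t, prison) pair, cross-jail access rejected with EACCES, every object visible to a listing). The table, the function names and the integer prison ids are invented; the real check lives in the kernel.

```c
/* Added example, not from the thread or kikuchan's patch: user-space model of the
 * described semantics. Table, function names and integer prison ids are invented. */
#include <errno.h>
#include <string.h>

#define NOBJ 16
struct ipc_obj {
    int used;
    int key;     /* SysV key (key_t in the kernel) */
    int prison;  /* owning jail: the creator's cred->cr_prison */
};

static struct ipc_obj table[NOBJ];

/* msgget()-style lookup: the (key, prison) pair names the object, so two jails
 * can use the same key without colliding. Returns the id, or -ENOSPC. */
int ipc_get(int key, int prison)
{
    for (int i = 0; i < NOBJ; i++)
        if (table[i].used && table[i].key == key && table[i].prison == prison)
            return i;
    for (int i = 0; i < NOBJ; i++)
        if (!table[i].used) {
            table[i] = (struct ipc_obj){ .used = 1, .key = key, .prison = prison };
            return i;
        }
    return -ENOSPC;
}

/* Access by id (msgsnd()/msgctl() style): the patch's comparison
 * msqkptr->cred->cr_prison == td->td_ucred->cr_prison, modelled here as an
 * integer compare, rejects a caller from another jail with EACCES. */
int ipc_access(int id, int prison)
{
    if (id < 0 || id >= NOBJ || !table[id].used)
        return -EINVAL;
    if (table[id].prison != prison)
        return -EACCES;
    return 0;
}

/* ipcs(1)-style listing: every object is visible whichever jail lists them. */
int ipc_count_visible(void)
{
    int n = 0;
    for (int i = 0; i < NOBJ; i++)
        n += table[i].used;
    return n;
}
```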